Bearish Bumbles

There's been a large number of draft blog posts that I haven't posted and have deleted because they expired - this one isn't like that. I just read this article about the NSA (description here, and their website) potentially putting a backdoor into a cryptographical security standard. Firstly let me say this: And you didn't think it was going happen? Any organisation that is interested in Security is interested in Security that it can control. That's the case with ALL organisations - including PGP, CounterPane etc.

The LEVEL of control is what is important. PGP, CounterPane et al. are all about controlling access to sensitive data - NOT about giving themselves some way of seeing that sensitive data. They provide the controlling software but allow you and I to sit down and lock whatever it is that we want away. Think of them like locksmiths with no skeleton key. They provide you with a padlock and a key and you go lock away your beanie bear collection.

The NSA on the other hand wants to be in a position (as all government agencies do) of being able to look at what is locked away with their locks. It's like a locksmith with a skeleton key. The problem is that the types of people that they are selling the locks to are deemed to be criminals, and the NSA is the police. Of COURSE they are going to want to provide some way of looking at what the criminal fraternity is doing....

» Read More